03/22/2017

Over 300 Cisco Switch Models Vulnerable to Compromise

There's good news and bad news concerning the "Vault 7" data dump from WikiLeaks. So far, the good news is that a large number of the identified vulnerabilities have already been fixed by the manufacturers, and updating your systems protects you from the revealed attacks. The bad news is that the WikiLeaks data caused Cisco to release a critical warning for over 300 of its Catalyst switches and network modules. Cisco revealed that the exploit could allow the CIA to use a simple command to take full control of the devices.

The vulnerability resides in the Cisco Cluster Management Protocol (CMP), which uses the Telnet protocol to deliver signals and commands on the internal network. The Cisco advisory states, "An attacker could exploit this vulnerability by sending malformed CMP-specific telnet options while establishing a Telnet session with an affected Cisco device configured to accept telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device."

There is a complete listing of the impacted products in the advisory notice. There is no fix currently available. Cisco recommends disabling the Telnet protocol and using SSH for incoming connections. If you can't disable Telnet, Cisco recommends implementing infrastructure access control lists.
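To find where the Telnet recommendation above still has to be applied, the following added example (not from the original post or from Cisco's advisory) reads a saved IOS running-config and reports which `line vty` blocks accept Telnet. The sample configuration is constructed, the function names are hypothetical, and it assumes a block with no explicit `transport input` line needs manual review because the default varies by software release.

```python
import re

# Constructed sample running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
hostname lab-switch
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

def audit_vty_telnet(config_text):
    """Return {vty_range: status} for each 'line vty' block in an IOS config."""
    results = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        header = re.match(r"^line vty (\d+)(?: (\d+))?\s*$", line)
        if header:
            current = "vty " + " ".join(g for g in header.groups() if g)
            # Assumption: no explicit setting means the release default applies.
            results[current] = "unspecified"
            continue
        if not line.startswith(" "):
            current = None  # any unindented line ends the vty block
            continue
        setting = re.match(r"^\s+transport input\s+(.+)$", line)
        if current and setting:
            protocols = set(setting.group(1).split())
            if protocols & {"telnet", "all"}:
                results[current] = "telnet-allowed"
            elif protocols == {"none"}:
                results[current] = "disabled"
            else:
                results[current] = "telnet-blocked"
    return results

def needs_attention(results):
    """vty ranges that accept Telnet or rely on an unverified default."""
    return sorted(k for k, v in results.items()
                  if v in ("telnet-allowed", "unspecified"))
```

Any range returned by `needs_attention` is a candidate for `transport input ssh`, or for an infrastructure access control list where Telnet cannot be disabled.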

Sensei Enterprises, Inc.
